T-Mobile, the second-largest mobile carrier in the United States, was hit by a significant data leak less than two weeks ago. T-Mobile reported that roughly 54 million people’s personal information was exposed as a result of the data breach.
This information includes first and last names, dates of birth, Social Security numbers, and driver’s licence information. That’s pretty much the worst-case scenario, and we only learned about it because the corporation responded to a Vice Motherboard piece.
What’s even more alarming is that 48 million people are affected, both current and future customers! T-Mobile subscribers aren’t included. What did they do with all that personal information? All of you lawyers are grinning, and sure, class-action lawsuits have already begun.
T-Mobile is issuing public remarks about the matter, emphasising that “zero financial information, debit card information or credit card information” was hacked. If someone has all of the additional information they need to obtain a credit card in your name, that’s not very reassuring.
Worse, this provides a massive resource pool for SIM-swapping hackers. SIM swapping is the process in which an attacker convinces a mobile carrier that they are someone else and gains ownership of that person’s phone number.
That may seem unusual at first, but most of the things we’d rather keep a hacker out of are protected by two-factor authentication (2FA), which usually entails sending a text message or one-time password (OTP) to your phone.
That means that if a hacker obtains your phone number, they have access to a lot of your personal information, and in many cases even your online banking accounts! Your mPaisa and MyCash accounts in Fiji are connected to your phone number.
Back in the United States, things were horrible to begin with, but T-Mobile isn’t doing anything to alert customers just yet. After all, the first job after putting the personal information of more than 54 million people at risk is to assist them in protecting themselves.
T-Mobile has discovered that “unauthorised access to some of your information, or other information on your account, such as your address, name, phone number, and date of birth, has occurred.”
“We have no evidence that your Social Security number, personal financial or payment information, credit/debit card information, account numbers, or account passwords were accessed. We take our clients’ security very seriously. Learn more about best practices for keeping your account safe, as well as general security advice.”
The problem is that that message appears to be a massive exaggeration of what has actually occurred. Even if you have “no information” that a certain customer’s SSN has been hacked, it’s usually better to presume it has and respond appropriately in this scenario.
In fact, I believe T-Mobile’s answer does something almost unthinkable: it makes the firm look worse than the criminal who stole the information in the first place! Cybercriminals are those who break into company computers and steal information. We’re aware of this, and we expect them to act badly.
We expect the companies with whom we entrust our personal information to protect it. That is not irrational. It is also not unreasonable to expect that, if our information is stolen, organisations will be forthright and transparent about what happened, what they’re doing about it, and what steps we need to take. If you can’t keep our information safe, at the very least tell us how we can keep ourselves safe.
Even more perplexing is the fact that this is T-Mobile’s sixth hack in four years, with the most recent incident occurring in January of this year and others occurring in 2018! What is the Federal Communications Commission (FCC) of the United States doing about it?
The recent massive data breaches at Facebook, LinkedIn, and other firms demonstrate the companies’ callous attitude toward personal data. They can spend millions, if not billions, of dollars on infrastructure and other resources, but not on what matters most to them: their customers’ personal information.
The financial and banking sectors are an excellent place to start if telecoms regulators throughout the world want to see what kind of laws they should enact. Take a look at their standards and the tight controls that central banks, including our own Reserve Bank of Fiji, have implemented.
These controls safeguard clients’ personal information as well as their funds. Money can always be replaced, but personal data, once it’s out there on the deep dark web, leaves you vulnerable for the rest of your life!
Personal data has become a commodity on the Darknet, and these Big Tech businesses are well aware of this, using it with the marketing and advertising behemoths to make billions, and sometimes even going public without showing a single dime in profit! You’d think that after the dot-com boom crashed in 2000, we’d have learned our lesson.
Returning to strategy, how do we get all departments of an organisation on the same page when it comes to cybersecurity, with everyone understanding the terminology?
Things go more smoothly when everyone is on the same page, which includes the capacity to discuss an issue in a way that everyone understands.
In Fiji, a game called Chinese Whisper, also known as Telephone or Gossip, depicts what happens when words and their meanings are misunderstood. Someone whispers a secret to the person next to them in a circle of people.
That person then passes the secret on to the person next to them, and so on, until it comes back to the first person, who, more often than not, hears a completely different secret.
In the field of cybersecurity, failing to read a comment or document as the author meant might be disastrous. According to PwC’s 2020 Global Risk Study, about half of respondents say that risk, internal audit, compliance, and cybersecurity teams are hampered by a lack of a shared understanding of risks and risk. After working on projects with several departments and attempting to “tie it all together” for executive management and the Board, I concur with your assessment.